Comment: this appears significantly different than the QuickView report, which found that hacking accounted for over 68% of all breaches, ignoring sector. Some of the discrepancy may be due to hackers not attempting to target the healthcare sector as much as they do the retail/business sector, but some may also be due to the fact that when reporting incidents to HHS, some covered entities may report hacks as “theft” from a network server.

Also different: while business associates accounted for 57% of exposed records in the HHS breach tool, the QuickView report found that business associate/third party breaches (only accounted for 6.2% of the exposed records.

And there’s more, of course. Redspin is only analyzing HHS reports based on HHS’s breach tool whereas QuickView has a broader sample and is global. But the Redspin data reminds covered entities that the security employed by business associates is critically important in protecting patient data.